use of com.mindbright.asn1.ASN1BitString in project ldapsdk by pingidentity.
the class PKCS10CertificateSigningRequestTestCase method testVerifySignatureInvalidSignature.
/**
* Tests the behavior of the {@code verifySignature} method with an invalid
* signature.
*
* @throws Exception If an unexpected problem occurs.
*/
@Test(expectedExceptions = { CertException.class })
public void testVerifySignatureInvalidSignature() throws Exception {
final KeyPairGenerator keyPairGenerator = CryptoHelper.getKeyPairGenerator("RSA");
keyPairGenerator.initialize(2048);
final KeyPair keyPair = keyPairGenerator.generateKeyPair();
PKCS10CertificateSigningRequest csr = PKCS10CertificateSigningRequest.generateCertificateSigningRequest(SignatureAlgorithmIdentifier.SHA_256_WITH_RSA, keyPair, new DN("CN=ldap.example.com,O=Example Corporation,C=US"), new SubjectAlternativeNameExtension(false, new GeneralNamesBuilder().addDNSName("ldap.example.com").build()));
final X509CertificateExtension[] extensions = new X509CertificateExtension[csr.getExtensions().size()];
csr.getExtensions().toArray(extensions);
csr = new PKCS10CertificateSigningRequest(csr.getVersion(), csr.getSignatureAlgorithmOID(), null, new ASN1BitString(ASN1BitString.getBitsForBytes(new byte[256])), csr.getSubjectDN(), csr.getPublicKeyAlgorithmOID(), csr.getPublicKeyAlgorithmParameters(), csr.getEncodedPublicKey(), csr.getDecodedPublicKey(), null, extensions);
csr.verifySignature();
}
use of com.mindbright.asn1.ASN1BitString in project ldapsdk by pingidentity.
the class PKCS10CertificateSigningRequestTestCase method testVerifySignatureMalformedSignature.
/**
* Tests the behavior of the {@code verifySignature} method with a signature
* that isn't formatted properly.
*
* @throws Exception If an unexpected problem occurs.
*/
@Test(expectedExceptions = { CertException.class })
public void testVerifySignatureMalformedSignature() throws Exception {
final KeyPairGenerator keyPairGenerator = CryptoHelper.getKeyPairGenerator("RSA");
keyPairGenerator.initialize(2048);
final KeyPair keyPair = keyPairGenerator.generateKeyPair();
PKCS10CertificateSigningRequest csr = PKCS10CertificateSigningRequest.generateCertificateSigningRequest(SignatureAlgorithmIdentifier.SHA_256_WITH_RSA, keyPair, new DN("CN=ldap.example.com,O=Example Corporation,C=US"), new SubjectAlternativeNameExtension(false, new GeneralNamesBuilder().addDNSName("ldap.example.com").build()));
final X509CertificateExtension[] extensions = new X509CertificateExtension[csr.getExtensions().size()];
csr.getExtensions().toArray(extensions);
csr = new PKCS10CertificateSigningRequest(csr.getVersion(), csr.getSignatureAlgorithmOID(), null, new ASN1BitString(true, false, true, false, true), csr.getSubjectDN(), csr.getPublicKeyAlgorithmOID(), null, csr.getEncodedPublicKey(), csr.getDecodedPublicKey(), null, extensions);
csr.verifySignature();
}
use of com.mindbright.asn1.ASN1BitString in project ldapsdk by pingidentity.
the class CRLDistributionPointRevocationReasonTestCase method testEmptySet.
/**
* Tests the behavior when trying to decode a bit string with no bits set.
*
* @throws Exception If an unexpected problem occurs.
*/
@Test()
public void testEmptySet() throws Exception {
final boolean[] noBits = new boolean[0];
assertNotNull(CRLDistributionPointRevocationReason.getReasonSet(new ASN1BitString(noBits)));
assertTrue(CRLDistributionPointRevocationReason.getReasonSet(new ASN1BitString(noBits)).isEmpty());
final boolean[] correctNumberOfBits = new boolean[CRLDistributionPointRevocationReason.values().length];
Arrays.fill(correctNumberOfBits, false);
assertNotNull(CRLDistributionPointRevocationReason.getReasonSet(new ASN1BitString(correctNumberOfBits)));
assertTrue(CRLDistributionPointRevocationReason.getReasonSet(new ASN1BitString(correctNumberOfBits)).isEmpty());
final boolean[] moreBitsThanNecessary = new boolean[100];
Arrays.fill(moreBitsThanNecessary, false);
assertNotNull(CRLDistributionPointRevocationReason.getReasonSet(new ASN1BitString(moreBitsThanNecessary)));
assertTrue(CRLDistributionPointRevocationReason.getReasonSet(new ASN1BitString(moreBitsThanNecessary)).isEmpty());
}
use of com.mindbright.asn1.ASN1BitString in project ldapsdk by pingidentity.
the class PKCS8PrivateKeyTestCase method testAllElementsEC.
/**
* Tests a private key with a minimal set of elements that uses the elliptic
* curve algorithm.
*
* @throws Exception If an unexpected problem occurs.
*/
@Test()
public void testAllElementsEC() throws Exception {
final EllipticCurvePrivateKey ecPrivateKey = new EllipticCurvePrivateKey(1, new byte[32], NamedCurve.SECP256R1.getOID(), new ASN1BitString(new boolean[256]));
PKCS8PrivateKey privateKey = new PKCS8PrivateKey(PKCS8PrivateKeyVersion.V2, PublicKeyAlgorithmIdentifier.EC.getOID(), new ASN1ObjectIdentifier(NamedCurve.SECP256R1.getOID()), ecPrivateKey.encode(), ecPrivateKey, new ASN1OctetString("attributes"), new ASN1BitString(new boolean[256]));
assertNotNull(privateKey.getPKCS8PrivateKeyBytes());
privateKey = new PKCS8PrivateKey(privateKey.encode().encode());
assertNotNull(privateKey.getVersion());
assertEquals(privateKey.getVersion(), PKCS8PrivateKeyVersion.V2);
assertNotNull(privateKey.getPrivateKeyAlgorithmOID());
assertEquals(privateKey.getPrivateKeyAlgorithmOID(), PublicKeyAlgorithmIdentifier.EC.getOID());
assertNotNull(privateKey.getPrivateKeyAlgorithmName());
assertEquals(privateKey.getPrivateKeyAlgorithmName(), "EC");
assertNotNull(privateKey.getPrivateKeyAlgorithmNameOrOID());
assertEquals(privateKey.getPrivateKeyAlgorithmNameOrOID(), "EC");
assertNotNull(privateKey.getPrivateKeyAlgorithmParameters());
assertEquals(privateKey.getPrivateKeyAlgorithmParameters().decodeAsObjectIdentifier().getOID(), NamedCurve.SECP256R1.getOID());
assertNotNull(privateKey.getEncodedPrivateKey());
assertEquals(privateKey.getEncodedPrivateKey().getValue(), ecPrivateKey.encode().getValue());
assertNotNull(privateKey.getDecodedPrivateKey());
assertTrue(privateKey.getDecodedPrivateKey() instanceof EllipticCurvePrivateKey);
final EllipticCurvePrivateKey decodedPrivateKey = (EllipticCurvePrivateKey) privateKey.getDecodedPrivateKey();
assertEquals(decodedPrivateKey.getVersion(), 1);
assertEquals(decodedPrivateKey.getPrivateKeyBytes(), new byte[32]);
assertEquals(decodedPrivateKey.getNamedCurveOID(), NamedCurve.SECP256R1.getOID());
assertEquals(decodedPrivateKey.getPublicKey().getBytes(), new ASN1BitString(new boolean[256]).getBytes());
assertNotNull(privateKey.getAttributesElement());
assertEquals(privateKey.getAttributesElement().getValue(), new ASN1OctetString("attributes").getValue());
assertNotNull(privateKey.getPublicKey());
assertEquals(privateKey.getPublicKey().getBytes(), new ASN1BitString(new boolean[256]).getBytes());
assertNotNull(privateKey.toString());
assertNotNull(privateKey.toPEM());
assertFalse(privateKey.toPEM().isEmpty());
assertNotNull(privateKey.toPEMString());
assertNotNull(privateKey.getPKCS8PrivateKeyBytes());
}
use of com.mindbright.asn1.ASN1BitString in project ldapsdk by pingidentity.
the class InternalCertHelperTestCase method testCreatePKCS10CertificateSigningRequest.
/**
* Provides test coverage for the
* {@code createPKCS10CertificateSigningRequest} method.
*
* @throws Exception If an unexpected problem occurs.
*/
@Test()
public void testCreatePKCS10CertificateSigningRequest() throws Exception {
final byte[] modulusBytes = new byte[256];
modulusBytes[0] = 0x40;
modulusBytes[255] = 0x01;
final BigInteger modulus = new BigInteger(modulusBytes);
final BigInteger exponent = BigInteger.valueOf(65537L);
final RSAPublicKey publicKey = new RSAPublicKey(modulus, exponent);
final PKCS10CertificateSigningRequest csr = InternalCertHelper.createPKCS10CertificateSigningRequest(PKCS10CertificateSigningRequestVersion.V1, SignatureAlgorithmIdentifier.SHA_256_WITH_RSA.getOID(), null, new ASN1BitString(true, false, true, false, true), new DN("CN=ldap.example.com,O=Example Corporation,C=US"), PublicKeyAlgorithmIdentifier.RSA.getOID(), null, publicKey.encode(), null, null);
assertNotNull(csr.getVersion());
assertEquals(csr.getVersion(), PKCS10CertificateSigningRequestVersion.V1);
assertNotNull(csr.getSignatureAlgorithmOID());
assertEquals(csr.getSignatureAlgorithmOID(), SignatureAlgorithmIdentifier.SHA_256_WITH_RSA.getOID());
assertNotNull(csr.getSignatureAlgorithmName());
assertEquals(csr.getSignatureAlgorithmName(), "SHA-256 with RSA");
assertNotNull(csr.getSignatureAlgorithmNameOrOID());
assertEquals(csr.getSignatureAlgorithmNameOrOID(), "SHA-256 with RSA");
assertNull(csr.getSignatureAlgorithmParameters());
assertNotNull(csr.getSubjectDN());
assertEquals(csr.getSubjectDN(), new DN("CN=ldap.example.com,O=Example Corporation,C=US"));
assertNotNull(csr.getPublicKeyAlgorithmOID());
assertEquals(csr.getPublicKeyAlgorithmOID(), PublicKeyAlgorithmIdentifier.RSA.getOID());
assertNotNull(csr.getPublicKeyAlgorithmName());
assertEquals(csr.getPublicKeyAlgorithmName(), "RSA");
assertNotNull(csr.getPublicKeyAlgorithmNameOrOID());
assertEquals(csr.getPublicKeyAlgorithmNameOrOID(), "RSA");
assertNull(csr.getPublicKeyAlgorithmParameters());
assertNotNull(csr.getEncodedPublicKey());
assertNotNull(csr.getRequestAttributes());
assertTrue(csr.getRequestAttributes().isEmpty());
assertNotNull(csr.getExtensions());
assertTrue(csr.getExtensions().isEmpty());
assertNotNull(csr.getSignatureValue());
assertNotNull(csr.toString());
assertNotNull(csr.toPEM());
assertFalse(csr.toPEM().isEmpty());
assertNotNull(csr.toPEMString());
}
Aggregations